The Google Threat Intelligence Group (GTIG) released its annual analysis, confirming that 90 zero-day vulnerabilities<\/a> were actively exploited in the wild throughout 2025.<\/p>\n While this marks a slight decrease from the record 100 zero-days in 2023, it represents a noticeable increase from 2024\u2019s total of 78.<\/p>\n According to Google\u2019s researchers, attackers are shifting their focus away from browsers and heavily targeting enterprise infrastructure, mobile operating systems, and edge devices to achieve widespread network access<\/a>.<\/p>\n In a significant landscape shift, Commercial Surveillance Vendors (CSVs)<\/a> overtook traditional state-sponsored espionage groups as the primary drivers of zero-day exploitation.<\/p>\n These vendors continue to develop complex exploit chains to bypass modern security boundaries on mobile devices<\/a>.<\/p>\n Consequently, mobile zero-day discoveries rebounded to 15 in 2025, forcing attackers to chain multiple bugs together to achieve deep system access. Meanwhile, enterprise technologies accounted for 48% of all exploited zero-days.<\/p>\n Networking and security appliances remain highly vulnerable due to their privileged network positions and lack of built-in endpoint detection capabilities.<\/p>\n State-sponsored groups, specifically PRC-nexus operators like UNC3886<\/a> and UNC5221, consistently targeted these edge devices for long-term espionage.<\/p>\n Threat actors are also evolving their ultimate objectives. A 2025 malware campaign known as BRICKSTORM<\/a> highlighted a new paradigm where state-sponsored attackers targeted technology companies to steal proprietary source code.<\/p>\n This stolen intellectual property accelerates the discovery of future zero-day vulnerabilities, creating a dangerous cycle of exploitation.<\/p>\n Furthermore, financially motivated actors matched previous records by exploiting nine zero-days, proving that advanced exploits are no longer strictly limited to espionage.<\/p>\n As attackers increasingly use AI to accelerate vulnerability<\/a> discovery and exploit development, organizations must adopt layered defense mechanisms.<\/p>\n GTIG emphasizes that security teams should prepare<\/a> for eventual compromise by implementing strict network segmentation and maintaining a real-time asset inventory.<\/p>\n A core defense strategy involves tracking a Software Bill of Materials (SBoM)<\/a> to identify vulnerable components when new zero-days emerge rapidly.<\/p>\n The 2025 threat landscape demonstrates that as vendors secure basic software flaws, threat actors rapidly pivot to more complex, highly privileged enterprise environments.<\/p>\n Security teams must prioritize edge device monitoring, strict access controls, and rapid remediation to defend against these escalating campaigns.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Google Confirms 90 Zero-Day Vulnerabilities Actively Exploited in 2025<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nExpanding Attack Surfaces<\/strong><\/h2>\n
![\"Attributed](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEg9n39UGVFFMTIp-d4zwH2K3lwj0vs5wqjQ0Y0XAoTCxeNXguZp4vEL62yemTEbR9Li9S764wzTfnAtQCUEgNAhQqb4F9aX14SXVUz4vqSz88CcqI3naD7-KTO7IjmCPrq7d0Ynok1WxkKUUg8zpXFO2QkyCMmHTIrToGTgVhg4whyxV9PYa3VI5qqMsb8\/s1600\/Screenshot%25202026-03-06%2520103906%2520%25281%2529.webp?ssl=1\")
![\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgRLj0ibhqfWvr9nJy9osUsNtgG3JicFlM_aBM3iDC5XFzMsU-BdvXjh4bBiM8Ic8C3ogLlCJx6hnAlEP5jZw5u9_U04SBPRG7fgXc5uVbpDCSFEUZFCFtMauKvsvNSOValQTw1E75fY9-qiYll1OSPwjF7Rry3pcBNq86IN1Z5OX_luAXzrWJKiVlYJsw\/s1600\/Screenshot%25202026-03-06%2520103821%2520%25281%2529.webp?ssl=1\")
![\"2025](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjx3is0O7E8tBJmeMMEjPSlDKbecdU3MZuj_TaoylwJe_YCrjtylDd4oQRGITTPriDBP3_5-cf4XeWzLDjphI3g5koBzd42GYusCDj4nD3ehuumjUs0bZhS7GYAr0MCla8t8eZj1dMAbaciXb14dnLCkZBDFW4bTTNpXAH0PKBbWC0ftjuaMV4SpLWpDoM\/s1600\/Screenshot%25202026-03-06%2520103835%2520%25281%2529.webp?ssl=1\")